flatcar/scripts stable-4152.2.0

on GitHub

Changes since Stable 4081.2.1

Security fixes:

• Linux (CVE-2024-57876, CVE-2024-57874, CVE-2025-23128, CVE-2025-23125, CVE-2024-57850, CVE-2024-57849, CVE-2024-57843, CVE-2024-48875, CVE-2024-48873, CVE-2024-47809, CVE-2024-47143, CVE-2024-47141, CVE-2024-45828, CVE-2024-43098, CVE-2024-53680, CVE-2024-52332, CVE-2024-50051, CVE-2024-48881, CVE-2024-41935, CVE-2024-56787, CVE-2024-56786, CVE-2024-56785, CVE-2024-56783, CVE-2024-56781, CVE-2024-56640, CVE-2024-56638, CVE-2024-56637, CVE-2024-56636, CVE-2024-56635, CVE-2024-56634, CVE-2024-56651, CVE-2024-56633, CVE-2024-56650, CVE-2024-56649, CVE-2024-56648, CVE-2024-56645, CVE-2024-56644, CVE-2024-56643, CVE-2024-56642, CVE-2024-56641, CVE-2024-56631, CVE-2024-56615, CVE-2024-56623, CVE-2024-56622, CVE-2024-56619, CVE-2024-56617, CVE-2024-56630, CVE-2024-56629, CVE-2024-56628, CVE-2024-56627, CVE-2024-56626, CVE-2024-56625, CVE-2024-56616, CVE-2024-56592, CVE-2024-56590, CVE-2024-56589, CVE-2024-56587, CVE-2024-56614, CVE-2024-56613, CVE-2024-56586, CVE-2024-56611, CVE-2024-56610, CVE-2024-56606, CVE-2024-56605, CVE-2024-56604, CVE-2024-56603, CVE-2024-56585, CVE-2024-56602, CVE-2024-56601, CVE-2024-56600, CVE-2024-56598, CVE-2024-56597, CVE-2024-56596, CVE-2024-56595, CVE-2024-56594, CVE-2024-56593, CVE-2024-56583, CVE-2024-56584, CVE-2024-56565, CVE-2024-56568, CVE-2024-53196, CVE-2024-55639, CVE-2024-54683, CVE-2024-53687, CVE-2024-56770, CVE-2024-56661, CVE-2024-56660, CVE-2024-56659, CVE-2024-56658, CVE-2024-56657, CVE-2024-56655, CVE-2024-56675, CVE-2024-56672, CVE-2024-56654, CVE-2024-56670, CVE-2024-56667, CVE-2024-56665, CVE-2024-56664, CVE-2024-56663, CVE-2024-56662, CVE-2024-56653, CVE-2024-53241, CVE-2024-53240, CVE-2024-53690, CVE-2024-49571, CVE-2024-49568, CVE-2024-47408, CVE-2024-57791, CVE-2024-56372, CVE-2024-56369, CVE-2024-55916, CVE-2024-55881, CVE-2024-54680, CVE-2024-46896, CVE-2024-56719, CVE-2024-56718, CVE-2024-56717, CVE-2024-56716, CVE-2024-56715, CVE-2024-56709, CVE-2024-53164, CVE-2024-57807, CVE-2024-57798, CVE-2024-57792, CVE-2024-56766, CVE-2024-56765, CVE-2024-56763, CVE-2024-56762, CVE-2024-56760, CVE-2024-56769, CVE-2024-56767, CVE-2023-52881, CVE-2023-52654, CVE-2024-53685)
• Go (CVE-2024-34155, CVE-2024-34156, CVE-2024-34158)
• curl (CVE-2024-8096)
• etcd (CVE-2023-32082)
• expat (CVE-2024-45490)
• intel-microcode (CVE-2023-42667, CVE-2023-49141, CVE-2024-24853, CVE-2024-24980, CVE-2024-25939)
• libarchive (CVE-2024-26256, CVE-2024-48957, CVE-2024-48958)
• libpcap (CVE-2023-7256, CVE-2024-8006)
• nvidia-drivers (CVE-2023-31022, CVE-2024-0074, CVE-2024-0075, CVE-2024-0078, CVE-2024-0126)
• openssh (CVE-2024-39894)
• runc (CVE-2024-45310)
• sysext-docker: docker (CVE-2024-41110)
• sysext-podman: containers-common (CVE-2024-9341)
• sysext-podman: containers-image (CVE-2024-3727)
• sysext-podman: podman (CVE-2024-9407)

Changes:

• Added Proxmox Virtual Environment images (scripts#1783)
• Kernel lockdown in integrity mode is now enabled when secure boot is enabled. This prevents loading unsigned kernel modules and matches the behavior of all major distros. (scripts#2299)
• The UEFI firmware has changed from raw (.fd) format to QCOW2 format. In addition, the amd64 firmware variables are now held in a 4MB image rather than a 2MB image. Note that this firmware is only intended for testing with QEMU. Do not use it in production. (scripts#2434)
• The /usr/sbin directory is now merged into /usr/bin, so the former became a symlink to the latter. The SDK now has the same base layout as the generic images. (flatcar/scripts#2068)
• The arm64 UEFI firmware now supports Secure Boot. Be aware that this is not considered secure due to the lack of an SMM implementation, which is needed to protect the variable store. As above, this firmware should not be used in production anyway. (scripts#2434)
• grub 2.12-flatcar3: GRUB now includes many patches from Red Hat to support Secure Boot, as well as Flatcar's own patches. The version string includes a numbered "flatcar" suffix to track changes to these additional patches. This string can be seen in the GRUB menu. (scripts#2431)

Updates:

• Ignition (2.20.0)
• Linux (6.6.71 (includes 6.6.70, 6.6.69, 6.6.68, 6.6.67, 6.6.66))
• Linux Firmware (20241210 (includes 20241110))
• SDK: Go (1.22.9 (includes 1.22.8, 1.22.7))
• SDK: catalyst (4.0.0)
• SDK: cmake (3.30.2)
• SDK: crossdev (20240921)
• SDK: edk2-bin (202408 (includes 202405, 202402, 202311, 202308, 202305, 202302, 202211, 202208, 202205))
• SDK: meson (1.5.2)
• SDK: perl (5.40.0)
• SDK: rust (1.81.0)
• afterburn (5.7.0)
• audit (4.0.1 (includes 4.0))
• azure, gce, sysext-python: gdbm (1.24)
• azure, gce, sysext-python: python (3.11.10)
• azure: chrony (4.6)
• base, dev: azure-vm-utils (0.3.0)
• base, dev: binutils-config (5.5.2)
• base, dev: btrfs-progs (6.10.1 (includes 6.10))
• base, dev: c-ares (1.33.1 (includes 1.33.0, 1.32.3, 1.32.2, 1.32.1, 1.32.0, 1.31.0, 1.30.0))
• base, dev: cracklib (2.10.2 (includes 2.10.1, 2.10.0))
• base, dev: cryptsetup (2.7.5 (includes 2.7.4, 2.7.3))
• base, dev: curl (8.10.1 (includes 8.10.0))
• base, dev: efivar (39)
• base, dev: gettext (0.22.5)
• base, dev: git (2.45.2 (includes 2.45.1, 2.45.0))
• base, dev: gnutls (3.8.7.1 (includes 3.8.6))
• base, dev: gptfdisk (1.0.10)
• base, dev: intel-microcode (20240910_p20240915)
• base, dev: kmod (33)
• base, dev: ldb (2.8.1 (includes 2.8.0))
• base, dev: libarchive (3.7.6 (includes 3.7.5))
• base, dev: libassuan (3.0.0)
• base, dev: libgcrypt (1.11.0)
• base, dev: libgpg-error (1.50)
• base, dev: libnl (3.10.0)
• base, dev: libnvme (1.10)
• base, dev: liburing (2.7 (includes 2.6, 2.5, 2.4))
• base, dev: nvme-cli (2.10.2 (includes 2.10.1, 2.10))
• base, dev: oniguruma (6.9.9)
• base, dev: openssh (9.8_p1)
• base, dev: pinentry (1.3.1)
• base, dev: pkgconf (2.3.0)
• base, dev: samba (4.19.7)
• base, dev: selinux-base (2.20240916)
• base, dev: selinux-base-policy (2.20240916)
• base, dev: selinux-container (2.20240916)
• base, dev: selinux-dbus (2.20240916)
• base, dev: selinux-policykit (2.20240916)
• base, dev: selinux-sssd (2.20240916)
• base, dev: selinux-unconfined (2.20240916)
• base, dev: socat (1.8.0.0)
• base, dev: sqlite (3.46.1)
• base, dev: talloc (2.4.2)
• base, dev: tcpdump (4.99.5)
• base, dev: tdb (1.4.10)
• base, dev: tevent (0.16.1 (includes 0.16.0))
• base, dev: userspace-rcu (0.14.1)
• bind-tools (9.16.50 (includes 9.16.49))
• bpftool (7.4.0 (includes 7.3.0, 7.2.0, 7.1.0, 7.0.0))
• containerd (1.7.23 (includes 1.7.22))
• dev: gdb (15.2)
• dev: gentoolkit (0.6.7)
• dev: gnuconfig (20240728)
• dev: iperf (3.17.1 (includes 3.17))
• dev: libpipeline (1.5.8)
• dev: man-db (2.13.0)
• etcd (3.5.16)
• expat (2.6.3)
• grub (2.12)
• intel-microcode (20240531_p20240526)
• iproute2 (6.9.0)
• libffi (3.4.6 (includes 3.4.5))
• libnftnl (1.2.7)
• libpcap (1.10.5)
• libpcre2 (10.44)
• libsodium (1.0.20)
• nettle (3.10)
• nvidia-drivers (535.216.01)
• pinentry (1.3.0)
• runc (1.1.14)
• sysext-docker: docker (27.2.1 (includes 26.1.0))
• sysext-podman: aardvark-dns (1.12.2 (includes 1.12.1, 1.12.0))
• sysext-podman: containers-common (0.60.4 (includes 0.60.3, 0.60.2, 0.60.1, 0.60.0, 0.59.2))
• sysext-podman: containers-image (5.32.2 (includes 5.32.1, 5.32.0, 5.31.0, 5.30.2, 5.30.1))
• sysext-podman: containers-storage (1.55.0 (includes 1.54.0))
• sysext-podman: crun (1.17 (includes 1.16.1, 1.16, 1.15, 1.14.4))
• sysext-podman: fuse-overlayfs (1.14)
• sysext-podman: netavark (1.12.2 (includes 1.12.1, 1.12.0, 1.11.0))
• sysext-podman: passt (2024.09.06)
• sysext-podman: podman (5.2.4 (includes 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0))
• sysext-python: idna (3.10 (includes 3.8))
• sysext-python: jaraco-context (6.0.1)
• sysext-python: more-itertools (10.5.0)
• sysext-python: msgpack (1.1.0)
• sysext-python: platformdirs (4.3.6)
• sysext-python: rich (13.8.1)
• sysext-python: setuptools (74.1.3 (includes 73.0.1, 72.2.0))
• sysext-python: trove-classifiers (2024.9.12)
• sysext-python: truststore (0.9.2)
• sysext-python: urllib3 (2.2.3)
• vmware: open-vm-tools (12.5.0)
• vmware: xmlsec (1.3.4)
• whois (5.5.23 (includes 5.5.22))

Changes since Beta 4152.1.0

Security fixes:

• Linux (CVE-2024-57876, CVE-2024-57874, CVE-2025-23128, CVE-2025-23125, CVE-2024-57850, CVE-2024-57849, CVE-2024-57843, CVE-2024-48875, CVE-2024-48873, CVE-2024-47809, CVE-2024-47143, CVE-2024-47141, CVE-2024-45828, CVE-2024-43098, CVE-2024-53680, CVE-2024-52332, CVE-2024-50051, CVE-2024-48881, CVE-2024-41935, CVE-2024-56787, CVE-2024-56786, CVE-2024-56785, CVE-2024-56783, CVE-2024-56781, CVE-2024-56640, CVE-2024-56638, CVE-2024-56637, CVE-2024-56636, CVE-2024-56635, CVE-2024-56634, CVE-2024-56651, CVE-2024-56633, CVE-2024-56650, CVE-2024-56649, CVE-2024-56648, CVE-2024-56645, CVE-2024-56644, CVE-2024-56643, CVE-2024-56642, CVE-2024-56641, CVE-2024-56631, CVE-2024-56615, CVE-2024-56623, CVE-2024-56622, CVE-2024-56619, CVE-2024-56617, CVE-2024-56630, CVE-2024-56629, CVE-2024-56628, CVE-2024-56627, CVE-2024-56626, CVE-2024-56625, CVE-2024-56616, CVE-2024-56592, CVE-2024-56590, CVE-2024-56589, CVE-2024-56587, CVE-2024-56614, CVE-2024-56613, CVE-2024-56586, CVE-2024-56611, CVE-2024-56610, CVE-2024-56606, CVE-2024-56605, CVE-2024-56604, CVE-2024-56603, CVE-2024-56585, CVE-2024-56602, CVE-2024-56601, CVE-2024-56600, CVE-2024-56598, CVE-2024-56597, CVE-2024-56596, CVE-2024-56595, CVE-2024-56594, CVE-2024-56593, CVE-2024-56583, CVE-2024-56584, CVE-2024-56565, CVE-2024-56568, CVE-2024-53196, CVE-2024-55639, CVE-2024-54683, CVE-2024-53687, CVE-2024-56770, CVE-2024-56661, CVE-2024-56660, CVE-2024-56659, CVE-2024-56658, CVE-2024-56657, CVE-2024-56655, CVE-2024-56675, CVE-2024-56672, CVE-2024-56654, CVE-2024-56670, CVE-2024-56667, CVE-2024-56665, CVE-2024-56664, CVE-2024-56663, CVE-2024-56662, CVE-2024-56653, CVE-2024-53241, CVE-2024-53240, CVE-2024-53690, CVE-2024-49571, CVE-2024-49568, CVE-2024-47408, CVE-2024-57791, CVE-2024-56372, CVE-2024-56369, CVE-2024-55916, CVE-2024-55881, CVE-2024-54680, CVE-2024-46896, CVE-2024-56719, CVE-2024-56718, CVE-2024-56717, CVE-2024-56716, CVE-2024-56715, CVE-2024-56709, CVE-2024-53164, CVE-2024-57807, CVE-2024-57798, CVE-2024-57792, CVE-2024-56766, CVE-2024-56765, CVE-2024-56763, CVE-2024-56762, CVE-2024-56760, CVE-2024-56769, CVE-2024-56767, CVE-2023-52881, CVE-2023-52654, CVE-2024-53685)

Updates:

• Linux (6.6.74 (includes 6.6.73, 6.6.72, 6.6.71, 6.6.70, 6.6.69, 6.6.68, 6.6.67, 6.6.66))